Message Security Setup

Creating a Message Security Provider

To configure an existing provider using the Admin Console, select Configuration node > the instance to configure > Security node > Message Security node > SOAP node > Providers tab.

For more detailed instructions on creating a message security provider, see the Admin Console online help.

Enabling Message Security for Application Clients

The message protection policies of client providers must be configured such that they are equivalent to the message protection policies of the server-side providers they will be interacting with. This is already the case for the providers configured (but not enabled) when the Enterprise Server is installed.

To enable message security for client applications, modify the Enterprise Server specific configuration for the application client container.

Setting the Request and Response Policy for the Application Client Configuration

The request and response policies define the authentication policy requirements associated with request and response processing performed by the authentication provider. Policies are expressed in message sender order: a requirement that encryption occur after content means that the message receiver expects to decrypt the message before validating the signature.

To achieve message security, the request and response policies must be enabled on both the server and client. When configuring the policies on the client and server, make sure that the client policy matches the server policy for request/response protection at application-level message binding.
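The following check is an added example, not part of the manual: it compares the request-policy and response-policy elements of a server-side provider with those of a client provider and reports any difference. The XML fragments and provider ids are constructed samples; the auth-source and auth-recipient attribute names and the provider-type values are assumed to follow the Enterprise Server configuration schema, and "matching" is taken to mean identical attribute values.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments (not from the manual); provider ids are hypothetical.
SERVER_XML = """
<message-security-config auth-layer="SOAP">
  <provider-config provider-id="ServerProvider" provider-type="server">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content" auth-recipient="after-content"/>
  </provider-config>
</message-security-config>
"""
CLIENT_XML = """
<client-container>
  <message-security-config auth-layer="SOAP">
    <provider-config provider-id="ClientProvider" provider-type="client">
      <request-policy auth-source="content"/>
      <response-policy auth-source="content"/>
    </provider-config>
  </message-security-config>
</client-container>
"""
POLICY_ATTRS = ("auth-source", "auth-recipient")  # assumed attribute names

def policies(xml_text, role):
    """Return {element name: (auth-source, auth-recipient)} for the first
    SOAP-layer provider whose provider-type covers the given role."""
    root = ET.fromstring(xml_text)
    for cfg in root.iter("message-security-config"):  # iter() includes the root
        if cfg.get("auth-layer") != "SOAP":
            continue
        for prov in cfg.iter("provider-config"):
            # "client-server" providers serve both roles
            if role in (prov.get("provider-type") or "").split("-"):
                found = {}
                for name in ("request-policy", "response-policy"):
                    el = prov.find(name)
                    # A missing element is recorded as None (no policy stated)
                    found[name] = None if el is None else tuple(
                        el.get(attr) for attr in POLICY_ATTRS)
                return found
    raise ValueError(f"no SOAP provider for role {role!r}")

def mismatches(server_xml, client_xml):
    """List (element, server value, client value) where the two sides differ."""
    server, client = policies(server_xml, "server"), policies(client_xml, "client")
    return [(n, server[n], client[n]) for n in server if server[n] != client[n]]

if __name__ == "__main__":
    for name, srv, cli in mismatches(SERVER_XML, CLIENT_XML):
        print(f"{name}: server={srv} client={cli}")
```

With the sample input, the client's response-policy lacks the auth-recipient setting that the server declares, so that element is reported as a mismatch.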

To set the request policy for the application client configuration, modify the Enterprise Server specific configuration for the application client container as described in “Enabling Message Security for Application Clients” on page 139. In the application client configuration file, add the request-policy and response-policy elements as shown to set the request policy.

The other code is provided for reference. The other code may differ slightly in your installation. Do not change it.

<client-container>

<target-server name="your-host" address="your-host" port="your-port"/>

Chapter 10 • Configuring Message Security

Sun Microsystems 820433510 manual Creating a Message Security Provider, Enabling Message Security for Application Clients